Azure Bot Service App Secret

Detects Azure Bot Service application secret patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.

Type

regex

Engine

universal

Confidence

high

Confidence justification

High confidence: structurally constrained pattern matching bot application secrets with corroborative keyword support reduces false positive rates significantly. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Verified

Jurisdictions

global

Regulations

Criminal Code Act 1995 (Cth)

Frameworks

CIS Controls, ISO 27001, NIST CSF, PCI-DSS, SOC 2

Data categories

credentials, security

Scope

specific

Risk rating

10

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported

Pattern

(?i)(?:MicrosoftAppPassword|bot[._-]?app[._-]?secret|app[._-]?password)\s*[:=]\s*"?[A-Za-z0-9_.\-~]{20,50}"?

Corroborative evidence keywords

MicrosoftAppPassword, Bot Service, app secret, bot app, bot registration, client secret, Azure Bot, app password, api key, api_key, apikey, access key, access token, auth token, authorization, bearer, conn str, connection string, connectionstring, cookie (+45 more)

Proximity: 300 characters

Should match

• MicrosoftAppPassword=AAAA0000-BBBB-1111-CCCC-222233334444 — Bot Service app password as GUID
• bot_app_secret: "ABCDEFghijklmnop0123456789ABCDEF" — Bot app secret as alphanumeric string
• app_password="00000000000000000000000000000000" — App password with placeholder value

Should not match

• MicrosoftAppId=00000000-0000-0000-0000-000000000000 — App ID, not app secret
• MicrosoftAppPassword="" — Empty password value
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• Bot Service templates and sample code containing placeholder application secrets. Mitigation: Check for common placeholder values and sample project indicators.
• Other Microsoft application passwords in non-bot contexts. Mitigation: Require proximity to Bot Service specific keywords to differentiate.

References

• Azure Bot Service app secret entity definition - Microsoft Learn